Hi, > If I may jump in here and ask some questions? NO YOU CANNOT... just kidding ;) Of course! hehe
> I guess it would be good practise to expire and remove nodes from the > database periodically as I can see it potentially building up and up. Is > there a way when using vlan mode to do this? Would running the 'delete from' > command that Francois gives below be sufficient to clear out the entries from > the nodes table if I was to schedule it in as a script? Should I also run > this for the location and iplog tables too? The "easiest" way would be to use the detect date (first DHCP seen, first RADIUS request). It is the date where the node is added to the DB. Automatically unregistering is easy, but expiring node will require some code (probably in pfmon). Now this also fires up some other questions: - Do we want to expire only unregistered nodes? - What do we do when the node still have an open locationlog? (ie. node still connected to a switchport) > > Ideally what I'd like to see is a way to unregister nodes after an amount of > time (ie, the end of academic year), and also something that would clear out > unregistered devices on a set time period, maybe once a week. Looking at the > documentation.conf it appears this is perfectly possible in arp mode, but not > vlan just yet. I think the use case is there. In fact, most of the people in the educational market would like to see that as well. I am thinking of a university in a downtown area with thousands of people hooking to their open SSID without registering. They would love to see the DB automatically cleaned out. I will open a ticket in our BTS so you will be able to follow the status of the feature. Thanks for your ideas! > > Cheers, > Andi > > -----Original Message----- > From: Francois Gaudreault [mailto:[email protected]] > Sent: 06 July 2012 14:52 > To: [email protected] > Subject: Re: [PacketFence-users] expire.node > > Hi Mark, > > On 12-07-06 9:13 AM, Mark Holmes wrote: >> When I do >> >> delete from node where status="unreg" AND detect_date<= NOW(); >> >> I get ' ERROR 1146 (42S02): Table 'pf.node_useragent' doesn't exist' >> >> If I do >> >> show tables from pf >> >> I see node and node_category but that is all. >> >> Did I miss a schema update somewhere? > Yes. You likely have a missing table/tables in the schema. This table has > been introduced back in upgrade-2.0.0-2.2.0.sql. > >> >> Mark >> >> >> -----Original Message----- >> From: Mark Holmes [mailto:[email protected]] >> Sent: 06 July 2012 13:57 >> To: [email protected] >> Subject: Re: [PacketFence-users] expire.node >> >>> Anyway, I am not even sure this expire is working for VLAN mode. I think >>> it was only designed for ARP mode. >> >> Ah, I'll leave that then. I am looking for a way to clear some nodes out as >> for some reason I have 65000+ rows in the nodes table (I don't know how as >> we only have 500 or so devices on the network...), but from looking around >> it seems this is problematic with VLAN isolation mode. >> >> In the bug tracking system I have seen 0000887 which is still open so I >> suppose there is no way to remove nodes yet? >> >> Mark >> >> >> >> >> >> >> -----Original Message----- >> From: Francois Gaudreault [mailto:[email protected]] >> Sent: 06 July 2012 13:51 >> To: [email protected] >> Subject: Re: [PacketFence-users] expire.node >> >> Hi, >> >> I am not able to reproduce, I set in pf.conf: >> >> [expire] >> node = 180D >> >> Running the checkup will pass. Anyway, I am not even sure this expire is >> working for VLAN mode. I think it was only designed for ARP mode. >> >> On 12-07-06 6:20 AM, Mark Holmes wrote: >>> I just set expire.node=180D in pf.conf >>> >>> When I start PacketFence I get >>> >>> FATAL - pf.conf value expire.node does not explicity define interval >>> (eg. 7200s, 120m, 2h) - please define it before running packetfence >>> >>> What have I missed? >>> >>> Thanks, >>> >>> Mark >>> >>> Nuffield College is a Registered Charity No. 1137506. Registered >>> Office: Nuffield College, New Road, Oxford, OX1 1NF >>> >>> --------------------------------------------------------------------- >>> - >>> -------- >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. >>> Discussions will include endpoint security, mobile security and the >>> latest in malware threats. >>> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> >> >> >> -- >> Francois Gaudreault, ing. jr >> [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence >> (www.packetfence.org) >> >> ---------------------------------------------------------------------- >> -------- >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. >> Discussions will include endpoint security, mobile security and the >> latest in malware threats. >> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> Nuffield College is a Registered Charity No. 1137506. Registered >> Office: Nuffield College, New Road, Oxford, OX1 1NF >> >> ---------------------------------------------------------------------- >> -------- >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. >> Discussions will include endpoint security, mobile security and the >> latest in malware threats. >> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> Nuffield College is a Registered Charity No. 1137506. Registered >> Office: Nuffield College, New Road, Oxford, OX1 1NF >> >> ---------------------------------------------------------------------- >> -------- >> Live Security Virtual Conference >> Exclusive live event will cover all the ways today's security and >> threat landscape has changed and how IT managers can respond. >> Discussions will include endpoint security, mobile security and the >> latest in malware threats. >> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> > > > -- > Francois Gaudreault, ing. jr > [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse > inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence > (www.packetfence.org) > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and threat > landscape has changed and how IT managers can respond. Discussions will > include endpoint security, mobile security and the latest in malware threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users > ________________________________ > > From 1st November 2011 UWIC changed its title to Cardiff Metropolitan > University. From the 6th December 2011, as part of this change, all email > addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All > emails sent from Cardiff Metropolitan University will now be sent from the > new @cardiffmet.ac.uk address. Please could you ensure that all of your > contact records and databases are updated to reflect this change. Further > information can be found on the website > here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> > > Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan > Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost > sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a > ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad > @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich > cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o > wybodaeth ar y wefan > yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Francois Gaudreault, ing. jr [email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org) ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
